diff options
author | Pavel Emelyanov <xemul@openvz.org> | 2008-05-19 16:53:02 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-05-19 16:53:02 -0400 |
commit | 7d291ebb834278e30c211b26fb7076adcb636ad9 (patch) | |
tree | a6f7c95feff3a4f40603bf79b5cce85dc1c96e9f /net/ipv6 | |
parent | 0002c630c4ee7a3c6b1d87e34bfd6ce9694b49be (diff) |
inet: Register fragmentation some ctls at read-only root.
Parts of fragments-related sysctls are read-only, but this is
done by cloning all the tables and dropping write-bits from
mode. Do the same but with read-only root.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/reassembly.c | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 130d6f6b6a6e..9391a6949b96 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c | |||
@@ -658,6 +658,10 @@ static struct ctl_table ip6_frags_ns_ctl_table[] = { | |||
658 | .proc_handler = &proc_dointvec_jiffies, | 658 | .proc_handler = &proc_dointvec_jiffies, |
659 | .strategy = &sysctl_jiffies, | 659 | .strategy = &sysctl_jiffies, |
660 | }, | 660 | }, |
661 | { } | ||
662 | }; | ||
663 | |||
664 | static struct ctl_table ip6_frags_ctl_table[] = { | ||
661 | { | 665 | { |
662 | .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, | 666 | .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, |
663 | .procname = "ip6frag_secret_interval", | 667 | .procname = "ip6frag_secret_interval", |
@@ -684,7 +688,6 @@ static int ip6_frags_ns_sysctl_register(struct net *net) | |||
684 | table[0].data = &net->ipv6.frags.high_thresh; | 688 | table[0].data = &net->ipv6.frags.high_thresh; |
685 | table[1].data = &net->ipv6.frags.low_thresh; | 689 | table[1].data = &net->ipv6.frags.low_thresh; |
686 | table[2].data = &net->ipv6.frags.timeout; | 690 | table[2].data = &net->ipv6.frags.timeout; |
687 | table[3].mode &= ~0222; | ||
688 | } | 691 | } |
689 | 692 | ||
690 | hdr = register_net_sysctl_table(net, net_ipv6_ctl_path, table); | 693 | hdr = register_net_sysctl_table(net, net_ipv6_ctl_path, table); |
@@ -709,6 +712,20 @@ static void ip6_frags_ns_sysctl_unregister(struct net *net) | |||
709 | unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr); | 712 | unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr); |
710 | kfree(table); | 713 | kfree(table); |
711 | } | 714 | } |
715 | |||
716 | static struct ctl_table_header *ip6_ctl_header; | ||
717 | |||
718 | static int ip6_frags_sysctl_register(void) | ||
719 | { | ||
720 | ip6_ctl_header = register_net_sysctl_rotable(net_ipv6_ctl_path, | ||
721 | ip6_frags_ctl_table); | ||
722 | return ip6_ctl_header == NULL ? -ENOMEM : 0; | ||
723 | } | ||
724 | |||
725 | static void ip6_frags_sysctl_unregister(void) | ||
726 | { | ||
727 | unregister_net_sysctl_table(ip6_ctl_header); | ||
728 | } | ||
712 | #else | 729 | #else |
713 | static inline int ip6_frags_ns_sysctl_register(struct net *net) | 730 | static inline int ip6_frags_ns_sysctl_register(struct net *net) |
714 | { | 731 | { |
@@ -718,6 +735,15 @@ static inline int ip6_frags_ns_sysctl_register(struct net *net) | |||
718 | static inline void ip6_frags_ns_sysctl_unregister(struct net *net) | 735 | static inline void ip6_frags_ns_sysctl_unregister(struct net *net) |
719 | { | 736 | { |
720 | } | 737 | } |
738 | |||
739 | static inline int ip6_frags_sysctl_register(void) | ||
740 | { | ||
741 | return 0; | ||
742 | } | ||
743 | |||
744 | static inline void ip6_frags_sysctl_unregister(void) | ||
745 | { | ||
746 | } | ||
721 | #endif | 747 | #endif |
722 | 748 | ||
723 | static int ipv6_frags_init_net(struct net *net) | 749 | static int ipv6_frags_init_net(struct net *net) |
@@ -750,6 +776,10 @@ int __init ipv6_frag_init(void) | |||
750 | if (ret) | 776 | if (ret) |
751 | goto out; | 777 | goto out; |
752 | 778 | ||
779 | ret = ip6_frags_sysctl_register(); | ||
780 | if (ret) | ||
781 | goto err_sysctl; | ||
782 | |||
753 | ret = register_pernet_subsys(&ip6_frags_ops); | 783 | ret = register_pernet_subsys(&ip6_frags_ops); |
754 | if (ret) | 784 | if (ret) |
755 | goto err_pernet; | 785 | goto err_pernet; |
@@ -767,6 +797,8 @@ out: | |||
767 | return ret; | 797 | return ret; |
768 | 798 | ||
769 | err_pernet: | 799 | err_pernet: |
800 | ip6_frags_sysctl_unregister(); | ||
801 | err_sysctl: | ||
770 | inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); | 802 | inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); |
771 | goto out; | 803 | goto out; |
772 | } | 804 | } |
@@ -774,6 +806,7 @@ err_pernet: | |||
774 | void ipv6_frag_exit(void) | 806 | void ipv6_frag_exit(void) |
775 | { | 807 | { |
776 | inet_frags_fini(&ip6_frags); | 808 | inet_frags_fini(&ip6_frags); |
809 | ip6_frags_sysctl_unregister(); | ||
777 | unregister_pernet_subsys(&ip6_frags_ops); | 810 | unregister_pernet_subsys(&ip6_frags_ops); |
778 | inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); | 811 | inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); |
779 | } | 812 | } |